kube-cascade/matrix/config.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "synapse-werts-config"
  namespace: synapse
spec:
  refreshInterval: "5s"
  secretStoreRef:
    name: k8s-store
    kind: SecretStore
  data:
  - {"secretKey": "registration_shared_secret", "remoteRef": {"key": "synapse-werts-secrets", "property": "registration_shared_secret"}}
  - {"secretKey": "pepper", "remoteRef": {"key": "synapse-werts-secrets", "property": "password_config__pepper"}}
  - {"secretKey": "macaroon_secret_key", "remoteRef": {"key": "synapse-werts-secrets", "property": "macaroon_secret_key"}}
  - {"secretKey": "form_secret", "remoteRef": {"key": "synapse-werts-secrets", "property": "form_secret"}}

  - {"secretKey": "oidc_client_id", "remoteRef": {"key": "synapse-werts-secrets-oidc", "property": "client_id"}}
  - {"secretKey": "oidc_client_secret", "remoteRef": {"key": "synapse-werts-secrets-oidc", "property": "client_secret"}}

  - {"secretKey": "db_user", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "user"}}
  - {"secretKey": "db_password", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "password"}}
  - {"secretKey": "db_dbname", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "dbname"}}
  - {"secretKey": "db_host", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "host"}}
  target:
    name: synapse-werts-config
    template:
      type: Opaque
      data:
        "homeserver.yaml": |
           macaroon_secret_key: "{{.macaroon_secret_key}}"
           form_secret: "{{.form_secret}}"
           registration_shared_secret: "{{.registration_shared_secret}}"
           password_config:
             enabled: true
             pepper: "{{ .pepper }}"
            
           server_name: werts.us
           public_baseurl: https://chat.werts.us/
           pid_file: /data/homeserver.pid

           media_store_path: "/data/media_store"
           report_stats: false
           trusted_key_servers:
             - server_name: "matrix.org"
           signing_key_path: "/data/my.matrix.host.signing.key"
           limit_remote_rooms:
             enabled: true
             complexity: 0.0
             complexity_error: "only admins are allowed to join federated rooms"
             admins_can_join: true
           allow_public_rooms_without_auth: false
           allow_public_rooms_over_federation: false


           listeners:
             - port: 8008
               tls: false
               type: http
               x_forwarded: true

               resources:
                 - names: [client, federation]
                   compress: false
           database:
             name: psycopg2
             args:
               user: "{{ .db_user }}"
               password: "{{ .db_password }}"
               database: "{{ .db_dbname }}"
               host: "{{ .db_host }}"
               cp_min: 5
               cp_max: 10
           oidc_providers:
             - idp_id: my_idp
               idp_name: "werts.us"
               discover: true
               issuer: "https://auth.werts.us/realms/werts"
               scopes: ["openid", "profile"]
               skip_verification: true
               user_mapping_provider:
                 config:
                   subject_claim: "preferred_username"
                   localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
                   display_name_template: "{{"{{"}} user.name {{"}}"}}"
                   email_template: "{{"{{"}} user.email {{"}}"}}"
               client_id: "{{ .oidc_client_id }}"
               client_secret: "{{ .oidc_client_secret }}"
add missing matrix secrets to cluster resources 2023-06-18 20:08:31 +00:00			`---`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: "synapse-werts-config"`
			`namespace: synapse`
			`spec:`
			`refreshInterval: "5s"`
			`secretStoreRef:`
			`name: k8s-store`
			`kind: SecretStore`
			`data:`
			`- {"secretKey": "registration_shared_secret", "remoteRef": {"key": "synapse-werts-secrets", "property": "registration_shared_secret"}}`
			`- {"secretKey": "pepper", "remoteRef": {"key": "synapse-werts-secrets", "property": "password_config__pepper"}}`
			`- {"secretKey": "macaroon_secret_key", "remoteRef": {"key": "synapse-werts-secrets", "property": "macaroon_secret_key"}}`
			`- {"secretKey": "form_secret", "remoteRef": {"key": "synapse-werts-secrets", "property": "form_secret"}}`

			`- {"secretKey": "oidc_client_id", "remoteRef": {"key": "synapse-werts-secrets-oidc", "property": "client_id"}}`
			`- {"secretKey": "oidc_client_secret", "remoteRef": {"key": "synapse-werts-secrets-oidc", "property": "client_secret"}}`

			`- {"secretKey": "db_user", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "user"}}`
			`- {"secretKey": "db_password", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "password"}}`
			`- {"secretKey": "db_dbname", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "dbname"}}`
			`- {"secretKey": "db_host", "remoteRef": {"key": "synapse-werts-db-pguser-synapse-werts-db", "property": "host"}}`
			`target:`
			`name: synapse-werts-config`
			`template:`
			`type: Opaque`
			`data:`
			`"homeserver.yaml": \|`
			`macaroon_secret_key: "{{.macaroon_secret_key}}"`
			`form_secret: "{{.form_secret}}"`
			`registration_shared_secret: "{{.registration_shared_secret}}"`
			`password_config:`
			`enabled: true`
			`pepper: "{{ .pepper }}"`

			`server_name: werts.us`
			`public_baseurl: https://chat.werts.us/`
			`pid_file: /data/homeserver.pid`

			`media_store_path: "/data/media_store"`
			`report_stats: false`
			`trusted_key_servers:`
			`- server_name: "matrix.org"`
			`signing_key_path: "/data/my.matrix.host.signing.key"`
			`limit_remote_rooms:`
			`enabled: true`
			`complexity: 0.0`
			`complexity_error: "only admins are allowed to join federated rooms"`
			`admins_can_join: true`
			`allow_public_rooms_without_auth: false`
			`allow_public_rooms_over_federation: false`


			`listeners:`
			`- port: 8008`
			`tls: false`
			`type: http`
			`x_forwarded: true`

			`resources:`
			`- names: [client, federation]`
			`compress: false`
			`database:`
			`name: psycopg2`
			`args:`
			`user: "{{ .db_user }}"`
			`password: "{{ .db_password }}"`
			`database: "{{ .db_dbname }}"`
			`host: "{{ .db_host }}"`
			`cp_min: 5`
			`cp_max: 10`
			`oidc_providers:`
			`- idp_id: my_idp`
			`idp_name: "werts.us"`
			`discover: true`
			`issuer: "https://auth.werts.us/realms/werts"`
			`scopes: ["openid", "profile"]`
			`skip_verification: true`
			`user_mapping_provider:`
			`config:`
			`subject_claim: "preferred_username"`
			`localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"`
			`display_name_template: "{{"{{"}} user.name {{"}}"}}"`
			`email_template: "{{"{{"}} user.email {{"}}"}}"`
			`client_id: "{{ .oidc_client_id }}"`
			`client_secret: "{{ .oidc_client_secret }}"`